IRC Logs for #crux-devel Saturday, 2010-10-23

*** kreed has joined #crux-devel02:46
*** pitillo has quit IRC03:40
*** pitillo has joined #crux-devel03:42
*** aubic has quit IRC03:57
*** jue has joined #crux-devel04:16
juefrinnst: thanks for the link, missed that issue04:18
juecan confirm that the exploit works for us ;)04:19
jueand the suggested fix from RH seems to fix it ->
juebut IMO we should wait for Ulrich's review, see his response in the above thread04:22
jueI've added a glibc-port with that patch to my private repo:04:27
juehttpup sync glibc04:28
*** kreed has quit IRC04:33
*** kreed has joined #crux-devel04:50
*** jue has quit IRC05:24
*** jue has joined #crux-devel05:35
*** mike_k has joined #crux-devel07:49
juetilman: you've seen the glibc issue?08:08
tilmanyes, buti haven't seen a fix that08:11
*** pitillo has quit IRC08:13
juedo you agree to wait until we get a "official" fix/response from Drepper?08:14
juetilman: ?08:28
*** pitillo has joined #crux-devel08:44
juesorry, I've mixed up the two similar problems a bit, will try to clarify the things:09:41
juethere are two different CVE's wrt glibc and LD_AUDIT09:41
juea) CVE-2010-384709:42
jue-> Ann:
jue-> Fix:
jueb) CVE-2010-385609:42
jue-> Ann:
jue-> Fix:
juelooks like we are not vulnerable to a), see
tilmanoh boy09:42
tilmani hadn't seen the second one yet09:42
jueBut anyway, I've updated the glibc-port in my repo now with both patches09:42
juewell, the second is serious for us, I've been able to get a root shell09:43
*** nthwyatt has quit IRC10:32
*** jue has quit IRC10:33
*** nthwyatt has joined #crux-devel10:33
*** jue has joined #crux-devel10:35
juehmm, that's surprisingly: 125 downloads of the i586' version11:48
*** jue has quit IRC15:33
*** mike_k has quit IRC16:21
*** kreed has quit IRC17:14
*** mavrick61 has quit IRC21:40
*** mavrick61 has joined #crux-devel21:42

Generated by 2.11.0 by Marius Gedminas - find it at!